Zero-Tier connectivity


#1

21.co released their Bitcoin Computer library as open source this week. It uses the www.zerotier.com virtual network. ZeroTier supports regular DNS. Will I be able (now or in the future) to use Let’s Encrypt to validate my ZeroTier domain? E.g. there could be a virtual (private) Let’s Encrypt network on ZeroTier which I could connect to which gives Let’s Encrypt the ability to verify my virtual ZeroTier IP (or something like that :) )


#2

We found this by Googling ‘ZeroTier’ as we periodically do and we’d be happy to help provide a mechanism for this if there’s interest.


#3

I don’t know anything about this technology in particular. However, the original post mentions “regular DNS”. As a Public CA in the Web PKI, Let’s Encrypt issues certificates for names in the Internet’s DNS, and is content to accept as proof of control of a name a challenge using DNS TXT records. So anything which is able to programmatically create DNS TXT records for a name in the DNS (with some narrow exceptions by Let’s Encrypt policy, such as the US military’s .mil TLD) can obtain a Let’s Encrypt certificate for that name.

That might not be cool, in that it wouldn’t necessarily make any use of your virtual network or other technology, but it would mean people get working SSL / TLS certificates. Also, if the DNS entries in question are all really controlled by ZeroTier in some sense (e.g. if they were all in *.zerotier.example) rather than users bringing their own names, that might be a problem and you should talk to Let’s Encrypt about what you want to happen there.